Adobe is under attack. The company released some information on the attack and apparently the intruders gained access to encrypted details for 2.9 million customers.
Adobe did say the data remains encrypted and they “do not believe the attackers removed decrypted credit or debit card numbers.”
The hackers may have gained access the source code for at least three of Adobe’s products: Acrobat, ColdFusion, and ColdFusion Builder.
That would make sense as security researcher Brian Krebs reported on discovering Adobe source code on a hacking group’s server.
Adobe has had a difficult go of it this year with multiple vulnerabilities, but this could just add to more attack opportunities for the bad guys.
“Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products,” said a release on the Adobe blog. “We believe these attacks may be related.”
Adobe said it was working internally as well as with external partners and law enforcement, to address the incident. The company said in its blog it was taking the following steps:
• As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
• We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
• We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
• We have contacted federal law enforcement and are assisting in their investigation.